solutions@syngress.com
With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening.

Readers like yourself have been telling us they want an Internet-based service that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations.

Solutions@syngress.com is an interactive treasure trove of useful information focusing on our book topics and related technologies. The site offers the following features:
■ One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters.
■ “Ask the Author” customer query forms that enable you to post questions to our authors and editors.
■ Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material.
■ Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics.
Best of all, the book you’re now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase.

Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening.
www.syngress.com/solutions
Ron Fuller, Technical Editor
Tim Blankenship, Technical Editor
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out of the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” and “Ask the Author UPDATE®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” “Hack Proofing™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
Building A Cisco Wireless LAN
Copyright © 2002 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
ISBN: 1-928994-58-X
Technical Editors: Ron Fuller, Tim Blankenship
Technical Reviewer: Ron Fuller
Acquisitions Editor: Catherine B. Nolan
Developmental Editor: Kate Glennon
Cover Designer: Michael Kavish
Page Layout and Art by: Shannon Tozier
Copy Editor: Darren Meiss
Indexer: Robert Saigh
Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.
Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.
Ralph Troupe, Rhonda St. John, Emlyn Rhodes, and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Bill Getz, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, and David Dahl of Publishers Group West for sharing their incredible marketing experience and expertise.

Jacquie Shanahan, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.

Annabel Dent and Paul Barry of Elsevier Science/Harcourt Australia for all their help.

David Buckland, Wendi Wong, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Ethan Atkin at Cranbury International for his help in expanding the Syngress program.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

Thank you to our hard-working colleagues at New England Fulfillment & Distribution who manage to get all our books sent pretty much everywhere in the world. Thank you to Debbie “DJ” Ricardo, Sally Greene, Janet Honaker, and Peter Finch.
Contributors
Eric Ouellet (CISSP) is a Senior Partner with Secure Systems Design Group, a network design and security consultancy based in Ottawa, ON, Canada. He specializes in the implementation of networks and security infrastructures from both a design and a hands-on perspective. During his career he has been responsible for designing, installing, and troubleshooting WANs using Cisco, Nortel, and Alcatel equipment configured to support voice, data, and video conferencing services over terrestrial, satellite relay, wireless, and trusted communication links.

Eric has also been responsible for designing some of the leading Public Key Infrastructure deployments currently in use and for devising operational policy and procedures to meet the Electronic Signature Act (E-Sign) and the Health Insurance Portability and Accountability Act (HIPAA). He has provided his services to financial, commercial, government, and military customers including the U.S. Federal Government, Canadian Federal Government, and NATO. He regularly speaks at leading security conferences and teaches networking and CISSP classes. Eric is a co-author of Hack Proofing Your Wireless Network (Syngress Publishing, ISBN: 1-928994-59-8) and is a contributor to the forthcoming Sniffer Network Optimization and Troubleshooting Handbook (Syngress Publishing, ISBN: 1-931836-57-4).

Eric would like to acknowledge the understanding and support of his family and friends during the writing of this book, along with Walter Allan and “The Boys” for being who they are.
Robert Padjen (CCNP-Security, CCNP-Switching, CCDP) is Director of Technology Solutions for a large financial institution. He has written eight texts on network administration, troubleshooting, and design and is recognized as an expert witness in computer networking and intellectual property litigation. Robert’s experience over the past ten years includes design and implementation of wireless, ATM, Frame Relay, and security solutions for a wide variety of clients. Robert served as subject matter expert on 802.11b services for Callisma, a network consulting firm, and
Arthur Pfund (CCIE #7249, CCNP, CCNA) is a Principal Engineer with a Fortune 500 company. Currently, he is responsible for the strategic and tactical evolution of a large multi-data center network environment. Specializing in Cisco routers and switches, he has hands-on experience working with a wide range of networking equipment. In addition to network design and engineering, Arthur’s background includes extensive experience with implementation, operational support, and troubleshooting LAN and WAN systems in a large network environment.
Sean Thurston (CCDP, CCNP, MCSE, MCP+I) is a Senior Solution Architect with Siemens Business Services. He provides network and data center design solutions for large-scale deployment. His specialties include implementation of multivendor routing and switching equipment and XoIP (Everything over IP) installations. Sean’s background includes positions as a Technical Analyst for Sprint-Paranet and the Director of a brick-and-mortar advertising dot com. Sean is also a contributing author to the following books from Syngress Publishing: Building a Cisco Network for Windows 2000 (ISBN: 1-928994-00-8), Cisco AVVID and IP Telephony Design and Implementation (ISBN: 1-928994-83-0), and the forthcoming Managing Cisco Network Security, Second Edition (ISBN: 1-931836-56-6).

Sean lives in Renton, WA with his fiancée, Kerry. He is currently pursuing his CCIE.
Technical Editors and Reviewers

net-book Administering Cisco QoS in IP Networks (Syngress Publishing, ISBN: 1-928994-21-0). He currently resides in Sunbury, OH with his family, Julie and Max.

Tim Blankenship (CCNP, CCDA, CNE-5, CNE-4, CNE-3, MCP, CSEC–Wireless Field Engineer) is a private consultant responsible for leading the design and implementation efforts involving Local and Wide Area Networks to clients in the mid-west region of the United States. His specialties include Cisco wireless networking, routers and LAN switches, Novell design and implementation, strategic network planning, network architecture and design, and network troubleshooting and optimization. Tim currently resides in Grove City, OH with his family, Connie, Morgan, Ben, and Emily.
Contents

  Tracking Data through the OSI System Model
  OSI and Wireless: Layer 2 and Down
  OSI and Wireless: Layer 3 and Up
  Understanding TCP/IP Addressing
  TCP
  UDP
  Summary

  Sidebar: Common Practice for Subnetting TCP/IP Address Space
  This practice serves many purposes:
  ■ …registered IP space for wireless devices, which typically do not include servers.
  ■ It enables the organization to subnet the address space without sharing address space with the wired network.

Chapter 2 Wireless LAN Overview
  Introduction
  Understanding the Fundamentals of Radio Frequency
  Wireless Radio Signal Transmission and Reception
  Frequency
  Bandwidth
  Spectrum Technology Comparisons: Frequency Hopping versus Direct Sequence
  Implementing a Wireless LAN Architecture
  Logical Wireless System Components
  Synchronization and Error Control
  Keeping Pace with Wireless Networking
  Institute of Electrical and Electronic
  802.11
  802.11b
  802.11a
  Other Related Working Groups
  European Telecommunications Standards Institute (ETSI)
  Wireless Ethernet Compatibility
  WLAN Interoperability Forum (WLIF)
  Infrared Data Association
  Summary

  Sidebar: The following modulation techniques are used in Cisco Aironet radios:

Chapter 3 Cisco Wireless LAN
  Introduction
  Overview of Cisco Wireless Systems
  Cisco’s WLAN Product Line
  Using WLANs for Individual User Connectivity
  Using WLANs to Connect Campuses
  Cisco’s Aironet 3X0 Series APs and Bridges
  The Cisco Aironet 350 Series
  Features Common to All 350
  Individual 350 Series Device Features
  Features of the Cisco Aironet 340 Series
  Individual 340 Series Device Features
  Cisco’s Aironet Wireless NICs
  Ceiling Mount Omni-Directional Antenna
  Mast Mount Omni-Directional Antenna
  High-Gain Mast Mount Omni-Directional Antenna
  Pillar Mount Diversity Omni-Directional Antenna
  POS Diversity Dipole Omni-Directional Antenna
  Diversity Ceiling Mount Omni-Directional

  Sidebar: Answers to Your Frequently Asked Questions
  Q: How far can a wireless client communicate to an Access Point (AP)?
  A: Client adapters can support 11 Mbps at a range of 400 feet (120m) in open environments and 100 feet (30m) in typical closed/indoor environments. Client adapters can support 1 Mbps at a range of up to 1,500 feet (460m) in open environments and 300 feet (90m) in closed/indoor environments.

Chapter 4
  Introduction
  Wireless Planning Considerations
  Wireless Benefits and Limitations
  What Type of Data Will Be Traversing the Wireless Network?
  How Much Data Will Be Traversing the Wireless Network?
  What Is the Return On Investment for Your Wireless Implementation?
  How Does Mobility Factor into Determining if Wireless Is Right
  Does Your Business or Corporation Have Any Restrictions That Would Prohibit You from Implementing a
  Mobility
  Throughput versus Data Rate and Load
  Cost and Return on Investment
  Wireless Design Considerations
  Attenuation
  Attenuation Due to Antenna Cabling
  Attenuation Due to Exterior Considerations
  Accounting for the Fresnel Zone and
  Radio Frequency Interference
  Interference from Radio Transmitters
  Harmonics
  Application Considerations
  What Switches Are Used?
  Preparing a Site Survey Kit
  Using Client Adapters in the Survey
  Using APs and Bridges in the Survey
  Choosing Antennas for the Survey
  Providing Battery Packs and Inverters
  Providing Tools for the Survey
  Bringing Temporary Mounting Equipment for the Survey
  Performing an Interior Wireless Site Survey
  Designing Seamless Roaming
  Considering Rate Shifting
  Performing the Interior Survey
  Using the Cisco Aironet Client Utility for Interior Site Surveys
  Watching Your Power Consumption
  Setting Your Service Set IDs
  Interior Survey Problems
  Performing an Exterior Wireless Site Survey
  Warehouse Design Example 1
  Warehouse Design Example 2
  Warehouse Design Example 3
  Education Design Example 1
  Education Design Example 2
  Point-to-Point Design Example 1
  Point-to-Point Design Example 2
  Point-to-Point Design Example 3
  Summary

  Sidebar: …required to calculate the size of the Fresnel zone radius at its widest point (midpoint radius). The following formula will allow you to calculate the radius in feet of the widest point in your

Chapter 5 Installation and Configuration of Cisco 340 and Cisco 350 Series
  Introduction
  Installation of the Cisco 340/350 Series AP
  Specific Differences of the Cisco 350
  Initial Configuration of the Cisco 340 and
  Web-Based Configuration of the Cisco 340
  Configuring the Cisco 340 and
  Configuring the Web Interface
  Configuring a Name Server
  The Radio Hardware Setting
  The AP Radio Port Status Screen

Chapter 6 Installation and Configuration
  Introduction
  Understanding the Role of Traditional Network Bridges
  Types of Network Bridges
  Comparing Traditional Bridges with Wireless Bridges
  DSSS (Direct Sequence Spread Spectrum)
  Configuring the Network Port
  Configuring the Console Port
  Working with Root and Non-Root Modes on a Wireless Bridge
  Overview of the Spanning Tree Protocol
  Initial Setup of the Cisco Aironet Wireless Bridge
  Configuring the Bridge Using the Command-Line Interface
  Configuring the Bridge Using the
  Cisco Aironet Wireless Bridge
  Using the Cisco Aironet Wireless Bridge
  Configuring the Basic Rates Option
  Configuring the Frequency Option
  Configuring the IEEE 802.11 Options
  Configuring the LinkTests Options
  Configuring the Extended Options
  Configuring the Ethernet Port
  Configuring the Network Identifiers
  Cisco Aironet Wireless Bridge Troubleshooting
  Loading Firmware and Configurations
  FTP—File Transfer Protocol
  Distribute
  Class
  Backing Up Wireless Bridge Configurations
  Summary

  Sidebar: Cisco Aironet 340 and 350 wireless bridges can be used in one of three modes:
  ■ between two wired network segments (point-to-point)
  ■ between three or more wired network segments (multipoint)
  ■ as a repeater (repeater)

Chapter 7 Installation and Configuration
  Introduction
  Cisco Aironet Client Adapter Types
  Comparing the Cisco Aironet 340 and 350 Series Wireless LAN Adapters
  Cisco Aironet Client Utility (ACU)
  Installing and Configuring the Cisco Aironet LAN Adapter Card
  Cisco Aironet Client Profile Manager
  Creating a New Aironet Client Profile
  Using an Existing Aironet Client Profile
  Modifying an Existing Aironet Client Profile
  Reconfiguring Profiles with the Default Aironet Client Profile Values
  Renaming Profiles Stored within
  Cisco Aironet Client Installation and Configuration
  Configuring the Cisco Aironet
  Setting the Client Name
  Setting Power Save Mode
  Setting the Network Type
  Cisco Aironet Client RF Network Configuration
  Configuring the Data Rate
  Selecting the Power Level
  Setting the Data Retries Value
  Selecting Maximum Packet Size
  Configuring the Cisco Aironet Client: Advanced (Infrastructure)
  Antenna Mode (Receive)/Antenna
  Using the Auto Installer
  Installation Configuration File Field Definition
  Configuring ACU Diagnostics Preferences
  Displaying the Current Status
  Displaying the Operational Statistics
  Displaying the Link Status Meter
  Signal Strength Indicator
  Signal Quality Indicator
  Performing a Radio Frequency Link Test
  Client Adapter Indicator LEDs
  Summary

  Sidebar: …configuration file. The utility encrypts the file by using a scrambling algorithm that can be decrypted by the Auto Installer. The utility is called EncryptIni.exe:
  1. Select Start | Run.
  2. In the Open prompt, type Command and press Enter.
  3. Using the DOS commands, navigate to the directory where EncryptIni.exe and the configuration files are located.
  4. Type EncryptIni.exe <configuration file name>.

Chapter 8
  Introduction
  Understanding Security Fundamentals and Principles of Protection
  Extensible Authentication Protocol (EAP)
  An Introduction to the 802.1x Standard
  Per-Packet Authentication
  Cisco Lightweight Extensible Authentication Protocol (LEAP)
  Configuration and Deployment of LEAP
  Where in the Authentication/Association Process Does MAC Filtering Occur?
  Determining MAC Filtering Is Enabled
  Accounting and Audit Trails
  Encrypting Data Systems
  Reviewing the Role of Policy
  The WEP Authentication Process
  WEP Benefits and Advantages
  Security of 64-Bit versus 128-Bit Keys
  Addressing Common Risks and Threats
  Finding Weaknesses in a Target
  Exploiting Those Weaknesses
  Sniffing, Interception, and Eavesdropping
  Protecting Against Sniffing and Eavesdropping
  Spoofing and Unauthorized Access
  Protecting Against Spoofing
  Network Hijacking and Modification
  Protection against Network Hijacking and Modification
  Denial of Service and Flooding Attacks
  DoS and Flooding Case Scenario
  Protecting Against DoS and Flooding Attacks
  Summary

  Sidebar: Attacks Using EAP
  EAP was designed to support extended authentication. When you implement EAP, you can avoid dictionary attacks by using nonpassword-based schemes such as biometrics, certificates, OTP, smart cards, and token cards. You should be sure that if you are using password-based schemes that they use some form of mutual authentication so that they are more protected against dictionary attacks.

  Access Point / Bridge Spare Power Supplies
  Access Point / Bridge Serial Cable
Foreword

Over the last 10 years, the impact of wireless communications on the way we live and do business has been surpassed only by the impact of the Internet. Cellular phones, pagers, and wireless personal digital assistants (PDAs) have become so commonplace in our lives that it is easy to forget that 10 years ago, they were a rarity. But wireless communications technology is still in its infancy, and the next stage of its development will be in supplementing or replacing the network infrastructure that was traditionally “wired” as well as enabling network infrastructures that previously could only be imagined. From local coffee shops to commercial inventory control systems, within restaurants and throughout public airports, wireless commerce is beginning to challenge the exchange system that our modern world currently embraces, by accessing central pools of information and communicating directly between users and between the devices themselves.

No longer are our choices restricted by the shortfalls of processing and battery power, operating system efficiencies, or heat dissipation within the small footprint of the mobile device. Rather, we are limited only by the practical application of these technologies. How will we access information? How will we integrate multiple hardware and software technologies into intelligent and useable form factors? Not all business models necessarily imply the use of a single terminal to supply the user with voice, video, and data services. Ergonomic factors may dictate that voice services are maintained privately while data exchange and video information is easily viewable from a specified distance, perhaps on complementary devices.

As network engineers, the challenges before us include the seamless distribution of information between seemingly incompatible software and hardware standards. In addition, we will be challenged by narrower bandwidths to develop highly efficient means of transport in order to fully leverage wireless technologies.

Wireless LAN (Wi-Fi) technology is a reliable and convenient method of providing immediate, highly flexible, and pedestrian-speed mobile data network access. IEEE 802.11-based products offered by Cisco Systems have quickly become one of the foundational technologies fostering the untethering of data communications in the same way cordless telephony enhances local mobility for residential voice communications.

Wi-Fi, however, is significantly more complex than cordless telephony; loss, coverage, and bandwidth requirements are much more stringent, not to mention that direct sequence spread spectrum (DSSS) is inherently more complicated than frequency division multiple access (FDMA) and time division multiple access (TDMA). More important, the proliferation of wireless LANs in corporate environments has resulted in interesting security challenges.

Many organizations do not invoke IEEE security features. In addition, the current IEEE 802.11 standard authentication techniques of using Service Set Identifiers (SSID) and Media Access Control (MAC) addressing do not provide strong authentication: an SSID is readily discovered over the air, and a MAC address can be read from any frame and cloned. And although Wired Equivalent Privacy (WEP) combines access control, data privacy, and data integrity using an underlying algorithm (RC4), its key can be recovered via passive monitoring with freely available software such as AirSnort.

Fortunately, Cisco offers enhanced capabilities to mitigate some weaknesses. Of course, proper design and implementation are critically important; the design should exclude direct wireless access point connectivity to the internal network, strong security mechanisms must be implemented at different levels, and strict security policies must be enforced. With 802.11b access speed ranging from 1 Mbps up to 11 Mbps, and distances reaching from 500 feet indoors to as much as 5 kilometers outdoors, a wireless LAN could offer an unwanted user powerful network access.

Connectivity, availability, and capacity issues are resolved with proper frequency planning and testing. Security concerns are properly addressed with unobtrusive testing, implementation of proper policies, and firewalls. Network addressing must also be implemented consistently.

Callisma regularly assists customers with these considerations. This book will educate readers on some of the theory and practical information required to successfully and safely deploy Wi-Fi.

—Ralph Troupe
President and CEO, Callisma
Chapter 1
Introduction to Wireless Local Area Networks

Solutions in this chapter:

■ Reviewing Networking Basics
■ Understanding How Wireless Fits into the OSI System Model
■ Reviewing TCP/IP Basics

■ Summary
■ Solutions Fast Track
■ Frequently Asked Questions
Wireless local area networks (WLANs) can be employed to provide network connectivity almost anywhere. Consider the cost savings from not having to run network cable to every possible location that could have a computer or network device connected to it. Consider the convenience of a wireless-enabled conference room. Imagine the increase in accuracy of a medical professional’s data entered directly into a tablet computer during his rounds through the WLAN instead of transcribed from a clipboard at a central workstation. Conference rooms, warehouses, indoor and outdoor public access areas, and hospitals are all suitable locations for WLANs. Unfettered access to the network, regardless of physical location or traditional cable distance limitations, is one of the primary drivers for WLANs.

Where can you fit WLANs into your existing infrastructure? Just about anywhere you like. WLANs allow network designers to no longer be constrained by the 100m distance limitation for Category 5 copper cabling. Because WLANs use radio frequency (RF) signals to communicate, users can stay connected to the network almost anywhere.

Many companies are merging WLANs into their traditional wired networks to provide connectivity to the network to large numbers of users. Conference rooms are a great place to start considering wireless in your network. The cost of wiring a conference room and maintaining the hardware required to keep those wired jacks “hot” can be prohibitive. Conference rooms are used for “chalk talk” design sessions, application development sessions, and training. By using WLANs, the need for multiple data jacks in a conference room can be eliminated. A single antenna connected to a WLAN access point (AP) can support many users.

Warehouse applications are also prime candidates for WLAN. Real-time inventory control can be implemented using wireless. Imagine having your inventory control software connected to mobile devices on the warehouse floor tracking inventory as it fluctuates during the course of a day. WLANs can be a very important business driver, enabling a company to gain a competitive advantage.

Hospital bedside access is also a popular application for WLANs. The ability for a hospital staff member to check in a patient at bedside rather than waiting in line at an admissions desk is much more efficient. Bedside access can also enable a doctor to write a prescription or check medical records on a patient instantaneously.

College campuses and some companies are also extending the network infrastructure to public access areas both indoors and outside. This no longer restrains the user to just her desk, or even to the building, to be productive. For the growing mobile workforce, wireless provides the connectivity.
Reviewing Networking Basics

Before we delve into the topic of WLANs, we need to cover networking in general. A network is defined as a series of points or nodes interconnected by communication paths. The points or nodes may be devices dedicated to a single function, such as a PC dedicated to client applications, or a router dedicated to interconnecting networks. This chapter covers some fundamental theories, technologies, and applications for networks. LAN technologies such as Ethernet, Fast Ethernet, Gigabit Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) are prevalent in the networking industry today.

There are three primary types of networks: the local area network (LAN), the metropolitan area network (MAN), and the wide area network (WAN). The distinguishing feature of these networks is the spatial distance covered. LANs, as the name implies, are typically contained in a single structure or small geographic region. Groups of interconnected LANs may also be referred to as a campus in larger environments. MANs connect points or nodes in a geographic region larger than a LAN, but smaller than a WAN. Some of the same LAN technologies may be employed in a MAN, such as Gigabit Ethernet. WANs are geographically diverse networks and typically use technologies different from LANs or MANs.

WANs typically are comprised of high-speed circuits leased from a telecommunications provider to facilitate connectivity. WANs rarely use the same technologies as LANs or MANs. Technologies such as Frame Relay, Integrated Services Digital Network (ISDN), X.25, Asynchronous Transfer Mode (ATM), Digital Subscriber Line (DSL) and others may be used. This is because of the larger distances WANs service.
Defining Topologies

Within the definition of a network, points or nodes are connected by communication paths. These paths may vary significantly depending on the topology implemented. We cover four primary topologies: bus, star, ring, and mesh. Each topology has strengths and weaknesses, as well as different associated costs. A good network design will take each topology into consideration to determine the best solution.

Note: The word topology can refer to either the physical or logical layout of the network. For example, an Ethernet network with a hub would have a physical star topology, but the logical topology would be a bus.
Bus Topology

A bus topology is a linear LAN architecture in which transmissions from network devices or stations propagate the entire length of the medium and are received by all nodes on the medium. A common example of a bus topology is Ethernet/IEEE 802.3 networks, as illustrated in Figure 1.1.

Figure 1.1 Bus Topology (figure not reproduced; labels: Ethernet, File Server, Network Printer, Client PC, Client PC)

Star Topology

A star topology is a LAN architecture in which the devices or stations on a network are connected to a central communications device, such as a hub or switch. Logical bus and ring topologies are often physically implemented in star topologies. Figure 1.2 shows a typical star topology.

Ring Topology

A ring topology is a LAN architecture in which the devices or stations on a network are connected to each other by unidirectional transmission links to form a single closed loop. Common examples of ring topologies are Token Ring/IEEE 802.5 and FDDI networks, as illustrated in Figure 1.3.
Mesh Topology

A mesh topology is a LAN architecture in which every device or station on a network is connected to every other device or station. Mesh topologies are expensive to deploy and cumbersome to manage because the number of connections in the network grows quadratically (on the order of N²) with the number of devices. The formula used to calculate the number of connections in a fully meshed network is as follows:

(N x (N–1))/2

where N is the number of devices on the network. Divide the result by 2 to avoid double counting the device A-to-device-B connection and the device B-to-device-A connection. To illustrate the large numbers that a fully meshed environment can reach, review the following examples:

■ A small network with 50 users wants to implement a fully meshed topology. The number of connections required to do this would be (50 × (50–1))/2, which equals 1,225. That is a lot of connections for a small LAN!
■ A medium network with 500 users wants to implement a fully meshed topology. The number of connections required to do this would be (500 × (500–1))/2, which equals 124,750 connections!

Now for the reality check on fully meshed networks. Fully meshed networks are typically implemented in a small handful of situations. The most common deployment model for fully meshed networks would be in the WAN arena. Frame Relay and ATM are technologies that are well suited for fully meshed networks with high availability requirements. Figure 1.4 depicts a typical mesh network.

Figure 1.2 Star Topology (figure not reproduced; labels: File Server, Network Printer, Client PC, Client PC)
CSMA/CD versus Deterministic Access
In LANs, there are two predominant methods of controlling access to the physicalmedium: Carrier Sense Multiple Access with Collision Detection (CMSA/CD)and deterministic access CSMA/CD is the access method for Ethernet
CSMA/CD is best described as the same set of rules you would follow in a
meeting In a meeting, everyone in the room has the right to speak, but everyonefollows the generally accepted rule of “Only one person can talk at one time.” If
Figure 1.4Mesh Topology
File Server Network Printer
Client PC Client PC
Trang 34you want to speak, you need to listen to see if anyone is else is speaking before youbegin If someone else is speaking, you must wait until they are finished before youcan begin If nobody is speaking, you can speak, but will continue to listen in casesomeone else decides to speak at the same time If they do, both speakers must stoptalking, wait a random amount of time, and start the process again If a speaker fails
to observe the protocol of only one speaker at a time, the meeting will quickly loseall effective communication (Sounds too familiar, doesn’t it?)
In Ethernet, the multiple access (MA) is the terminology for many stations connected to the same cable and having the opportunity to transmit. No device or station on the cable has any priority over any other device or station. All devices or stations on the cable take turns communicating per the access algorithm to ensure that one device on the LAN does not monopolize the media. Note that every station on a shared segment also receives every frame, whether or not it is the intended recipient, so a shared medium provides no confidentiality on its own; a wireless medium is shared in exactly this sense.
The CS (carrier sense) refers to the process of listening before speaking in an Ethernet network. The carrier sense operation is performed by every device on the network by looking for energy on the media, the electrical carrier. If a carrier exists, the cable is in use, and the device must wait to transmit. Ethernet devices also maintain a back-off or attempt counter for each frame, defining the maximum number of attempts the device will make to transmit it on the cable. If the counter is exceeded (IEEE 802.3 sets the limit at 16 attempts), the frame is discarded and the failure is reported as excessive collisions.
The CD (collision detect) in Ethernet refers to the capability of the devices on the wire to know when a collision occurs. Collisions in Ethernet happen when two devices transmit data at the same time on the cable. On a shared segment some collisions are normal; collisions that are excessive, or that occur late in a frame, point to the cable distance being exceeded, a defective device, or a poorly written driver that does not adhere to Ethernet specifications. When a collision is detected, the participants transmit a collision enforcement (jam) signal, 32 bits long, so that every station on the segment notices the collision and stops transmitting. The minimum Ethernet frame size of 64 bytes (512 bit times, the slot time) is what makes detection reliable: a station is still transmitting when a collision anywhere on a maximum-length segment propagates back to it, so no station mistakes a collided frame for a successful one. After the jam signal has finished, each colliding station waits a random back-off interval, and the medium is again open to communications via the carrier sense protocol.
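To make the carrier-sense and collision-detect rules above concrete, here is an added example (not code from the book) that models the retry logic of IEEE 802.3 in Python: carrier sense defers while energy is sampled on the wire, each collision is followed by a truncated binary exponential back-off of 0 to 2^min(k,10)-1 slot times after the k-th collision, and a frame is discarded after 16 attempts. The carrier samples and collision patterns it is fed are constructed inputs, not captured traffic.

```python
import random

ATTEMPT_LIMIT = 16    # IEEE 802.3 attemptLimit: a frame is discarded after 16 failed attempts
BACKOFF_LIMIT = 10    # IEEE 802.3 backOffLimit: the backoff window stops doubling at 2^10 slots
SLOT_TIME_BITS = 512  # one slot time = 64-byte minimum frame = 512 bit times


def defer_until_idle(carrier_samples):
    """Carrier sense: count the slot times a station defers before the medium is idle.

    carrier_samples is a constructed list of booleans, one per slot time,
    True meaning energy (a carrier) is present on the wire.
    """
    deferred = 0
    for busy in carrier_samples:
        if not busy:
            return deferred
        deferred += 1
    return deferred


def backoff_window(attempt):
    """Size of the backoff window after the given collision (attempt is 1-based)."""
    return 2 ** min(attempt, BACKOFF_LIMIT)


def backoff_slots(attempt, rng=random):
    """Truncated binary exponential backoff: wait r slot times, r uniform in [0, window)."""
    return rng.randrange(backoff_window(attempt))


def transmit(collision_pattern, rng=random):
    """Run the collision-detect/retry loop for one frame.

    collision_pattern[i] is True if attempt i+1 collides; attempts past the end
    of the list succeed. Returns (outcome, attempts, slots_backed_off) where
    outcome is "sent" or "dropped".
    """
    waited = 0
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        collided = attempt <= len(collision_pattern) and collision_pattern[attempt - 1]
        if not collided:
            return ("sent", attempt, waited)
        # Collision: the station sends its 32-bit jam, then backs off before retrying.
        waited += backoff_slots(attempt, rng)
    return ("dropped", ATTEMPT_LIMIT, waited)


if __name__ == "__main__":
    rng = random.Random(1)
    print("slots deferred:", defer_until_idle([True, True, False, True]))
    print("windows:", [backoff_window(a) for a in (1, 2, 3, 10, 11, 15)])
    print("3 collisions then success:", transmit([True, True, True], rng))
    print("never gets through:", transmit([True] * 16, rng))
```

The window doubling is what lets a busy segment degrade gracefully rather than collapse, and the cap at 2^10 is why a pathologically loaded segment shows a steady rate of "excessive collisions" errors instead of ever-longer stalls.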
Deterministic access is the protocol used to control access to the physical medium in a Token Ring or FDDI network. Deterministic access means that a control mechanism is in place, a token that circulates around the ring and must be held before a station may transmit, to ensure that each device on the network has an equal and bounded opportunity to transmit.
Cabling
The physical infrastructure of a LAN is one of the most important components of a network. If the physical medium that data is traversing is faulty or installed incorrectly, network performance and operation will be impacted. It is analogous to the foundation of a building. Everything in the building is set upon the foundation, typically strong reinforced concrete or other equally durable and reliable building materials. If the foundation is not installed properly, everything built on it is suspect. A LAN is the same: a faulty foundation can be disastrous to a network. You can install all of the high-end gear (switches, routers, servers), but if they don't have the physical infrastructure to communicate effectively, your network will fail.

There are two primary forms of physical medium a network will utilize: copper and fiber. Within each of these forms there are many different standards of cable. For example, copper may be shielded, unshielded, twisted, untwisted, solid core, or stranded core. We explore copper and fiber cable in more detail to provide a solid understanding of the importance of cabling in your network. You may be asking yourself, "Why are we covering cabling in a book on wireless?" That is a very good question. Wireless, as its name implies, does not use physical cabling to provide communications to the wireless network. However, it does use copper cabling to connect to your existing LAN. If your existing LAN has out-of-spec or faulty cabling, your WLAN may not meet your expectations. (Or more importantly, your boss's expectations!)
The most common form of LAN cabling installed today is copper. Copper has been the preferred installation since networks started taking hold in the corporate world around 1980, when the Ethernet specification developed at Xerox was published. Copper is relatively cheap, easy to install, and can meet most distances that LANs were designed to cover. The original Ethernet specification used what is called thick coaxial cable (10BASE5). This cable lived up to its name for sure! Thick coax is much bigger than the traditional copper cable you might be familiar with. After thick coax came thin coax (10BASE2), a cheaper alternative that was easier to handle and install. Both of these cable types are implemented in a bus topology. As we covered earlier, a bus topology is a linear LAN architecture; each device or station on a bus is connected to the same medium. One of the major downsides to thick and thin coax was that the bus created a single point of failure: if the bus experienced a failure or a cut, the whole network stopped functioning.
With the advances made in copper technology, twisted pair cable became a popular LAN medium. There are two main types of twisted pair cable: shielded (STP) and unshielded (UTP). Shielded, as its name implies, contains small copper conductors, twisted in pairs, with a metallic shield under the outer jacket. Shielded twisted pair allows copper cable to be installed in facilities where there is significant interference to the electrical signals passed along the cable. The shielding, as well as the twisting of the pairs, plays a role in protecting the cable from this interference. Twisted pair cables are less prone to interference than flat, or nontwisted, cables because noise induced on both conductors of a pair tends to cancel out.
Among the twisted pair cabling family are a number of different levels of cables. These are commonly referred to as categories, or CAT for short. The primary difference between the categories is the number of twists per foot in the cable; more twists per foot means less susceptibility to outside interference. Some of the newer, higher categories of cabling also have an internal divider separating the pairs to further reduce crosstalk. These higher standards allow faster communications such as Fast Ethernet at 100 Mbps (100BASE-TX, Category 5 or better) and Gigabit Ethernet at 1000 Mbps (1000BASE-T, Category 5e or better) over copper cabling.
Understanding How Wireless Fits into the OSI System Model
Wireless technology, as a networking component, is guided by the same standards processes and organizations defined for all other networking components in the industry. Working in the networking industry can be difficult at best, because there are many components to a network that can either make or break the system. In order to help standardize and define the areas a manufacturer must build their equipment to service, the International Organization for Standardization (ISO) created the Open Systems Interconnection (OSI) reference model. This model is a seven-layer approach to data networking. Each layer encompasses a specific set of tasks or standards that must be met in order for the network to function. We'll review each layer in greater detail because this is a very important concept to understand. A comprehensive understanding of the OSI system model is of paramount importance for the internetworking designer, installer, or support team.

Designing & Planning…

The Blame Game

When planning your WLAN implementation, you need to consider the wired network and its physical plant. Connecting a WLAN to a wired network with a questionable physical plant is a plan for trouble.

Troubleshooting connectivity to a new technology is difficult enough, because the new technology is the first to be blamed. On many occasions, problems have been blamed on the wireless network when in fact the wired network and the wiring itself were to blame. Approximately 60 percent of all network problems can be tracked to the physical layer.

Don't let your wired network create havoc in your wireless network.
The seven layers of the OSI system model are as follows: Physical, Data-link, Network, Transport, Session, Presentation, and Application.

… of Data-link layer protocols are Ethernet, Token Ring, FDDI, and PPP.
Within the Data-link layer are two sublayers: the Media Access Control (MAC) and Logical Link Control (LLC). These two sublayers each play an important role in the operation of a network. We start with the MAC first. The MAC sublayer is responsible for uniquely identifying devices on the network. As part of the standards of the OSI system model, when a network interface in a router, switch, PC, server, or other device that connects to a LAN is manufactured, a globally unique 48-bit address is burned into the ROM of the interface. This address must be unique or the network will not operate properly. Each manufacturer of network interfaces has been assigned a range of addresses by the Institute of Electrical and Electronics Engineers (IEEE): the first 24 bits of the address are the IEEE-assigned Organizationally Unique Identifier (OUI), and the manufacturer assigns the remaining 24 bits. Be aware that although the address is burned into ROM, virtually every operating system lets an administrator override it in software, so a MAC address identifies an interface but does not authenticate it. The MAC sublayer is considered the lower of the two sublayers and is also responsible for determining the access method to the medium, such as token passing (Token Ring or FDDI) or contention (CSMA/CD). Figure 1.5 shows an example of MAC addresses "on the wire" after being passed from the MAC layer to the Physical layer and being converted to 0's and 1's.
The next sublayer is the LLC sublayer. The LLC sublayer is responsible for handling error control, flow control, framing, and MAC sublayer addressing. The most common LLC protocol is IEEE 802.2, which defines connectionless and connection-oriented variants. IEEE 802.2 defines Service Access Points (SAPs) through a field in the Ethernet, Token Ring, or FDDI frame. Two SAPs are associated with LLC: the Destination Service Access Point (DSAP) and the Source Service Access Point (SSAP). These SAPs, in conjunction with the MAC address, uniquely identify the recipient of a frame. Typically LLC is used for protocols such as SNA that do not have a corresponding network layer.

The next layer defined by the OSI reference model is the Network layer. The Network layer is responsible for addressing a network above the Data-link layer. The Network layer is where protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), Internetwork Packet Exchange (IPX), and AppleTalk tie into the grand scheme of things. Routing functions are also performed at the Network layer. TCP/IP routing protocols such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and the Border Gateway Protocol (BGP) operate at the Network layer. We focus more on TCP/IP in the upcoming "Review of TCP/IP Basics" section.
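As an added example (not from the book) covering the MAC and LLC sublayer discussion above, the following Python decodes the two bit strings shown in Figure 1.5 into MAC addresses, pulls out the IEEE-assigned OUI and the multicast (I/G) and locally-administered (U/L) flag bits from the first octet, and then parses the start of a frame to tell an Ethernet II header (EtherType) from an IEEE 802.3 header followed by the 802.2 LLC DSAP/SSAP/control fields. The sample frames it builds, including the 0x42 (spanning tree) SAP, are constructed for illustration.

```python
import struct


def mac_from_bits(bits):
    """Decode 48 bits, written MSB-first per octet as in Figure 1.5, into colon-hex notation."""
    bits = bits.replace(" ", "")
    if len(bits) != 48 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 48 binary digits")
    return ":".join(f"{int(bits[i:i + 8], 2):02x}" for i in range(0, 48, 8))


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_info(mac):
    """Split a MAC address into the IEEE-assigned OUI and the two flag bits of the first octet."""
    first = int(mac.split(":")[0], 16)
    return {
        "oui": mac[:8].upper(),                      # first 24 bits: Organizationally Unique Identifier
        "multicast": bool(first & 0x01),             # I/G bit set: group address (multicast or broadcast)
        "locally_administered": bool(first & 0x02),  # U/L bit set: assigned by software, not the OUI owner
    }


def ethernet_ii_frame(dst, src, ethertype, payload):
    """Ethernet II (DIX) framing: 16-bit EtherType after the addresses, payload padded to 46 bytes."""
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")


def ieee8023_frame(dst, src, dsap, ssap, control, payload):
    """IEEE 802.3 framing: 16-bit length, then the 802.2 LLC header (DSAP, SSAP, control), then data."""
    data = bytes([dsap, ssap, control]) + payload
    header = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", len(data))
    return header + data.ljust(46, b"\x00")   # pad so the frame (plus FCS) meets the 64-byte minimum


def parse_frame(frame):
    """Read the MAC-sublayer header and, for 802.3 frames, the LLC sublayer's SAP fields.

    The EtherType/length field disambiguates the two: values >= 0x0600 are EtherTypes,
    smaller values are 802.3 lengths.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for a MAC header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    if type_or_len >= 0x0600:
        info["encapsulation"] = "Ethernet II"
        info["ethertype"] = type_or_len
        info["payload"] = frame[14:]          # padding can only be stripped by the upper layer's own length
    else:
        if type_or_len < 3 or len(frame) < 14 + type_or_len:
            raise ValueError("802.3 length field does not fit the frame")
        info["encapsulation"] = "IEEE 802.3/802.2"
        info["length"] = type_or_len
        info["dsap"], info["ssap"], info["control"] = frame[14], frame[15], frame[16]
        info["payload"] = frame[17:14 + type_or_len]   # the length field says where padding starts
    return info


if __name__ == "__main__":
    pc1 = mac_from_bits("000000000110000010001100101110100011100100110111")
    pc2 = mac_from_bits("000000000110000010001100101111010100101001001000")
    print(pc1, mac_info(pc1))
    print(pc2, mac_info(pc2))
    # Constructed frames from PC #1 to PC #2: one carrying IPv4 (EtherType 0x0800), one an
    # 802.2 frame addressed to the spanning tree SAP (0x42) with a UI control field (0x03).
    print(parse_frame(ethernet_ii_frame(pc2, pc1, 0x0800, b"IP packet")))
    print(parse_frame(ieee8023_frame(pc2, pc1, 0x42, 0x42, 0x03, b"BPDU")))
```

Both Figure 1.5 addresses decode to the 00:60:8C OUI, which the IEEE registry lists as a 3Com assignment, with the I/G and U/L bits clear: globally unique unicast addresses as burned in at the factory. The padding handling is worth noting from a security standpoint: a driver that fills those pad bytes from uninitialized memory instead of zeros leaks that memory onto the wire, which is exactly what the "Etherleak" bug in several NIC drivers did.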
Figure 1.5 MAC Layer to Physical Layer (diagram: PC #1 and PC #2 on Ethernet; data from PC #1 to PC #2, with the two addresses on the wire shown as 000000000110000010001100101110100011100100110111 and 000000000110000010001100101111010100101001001000)

The three previous layers we covered, Physical, Data-link, and Network, are considered the lower level protocols in the OSI reference model. These are the protocols that will more than likely consume the majority of your time as a network engineer. However, that does not mean that the next four layers are not important to the operation of a network. They are equally important, because without the next four layers, your network would have no reason to exist.

The fourth layer of the OSI system model is the Transport layer. The Transport layer defines the protocols that control the Network layer, similar to the way the Data-link layer controls the Physical layer. The Transport layer specifies a higher level of flow control, error detection, and correction. Protocols such as TCP, User Datagram Protocol (UDP), Sequenced Packet Exchange (SPX), and Name Binding Protocol (NBP) operate at this layer. These protocols may be connection-oriented, such as TCP and SPX, or connectionless, such as UDP.
The fifth layer of the OSI system model is the Session layer. The Session layer is responsible for establishing, managing, and terminating communication sessions between Presentation layer entities, using the Transport layer beneath it where needed. Lightweight Directory Access Protocol (LDAP) and Remote Procedure Call (RPC) are examples of Session layer protocols.
The sixth layer of the OSI system model is the Presentation layer. The Presentation layer is responsible for ensuring that data sent from the Application layer of one device is comprehensible by the Application layer of another device. IBM's Network Basic Input Output System (NetBIOS) and Novell's NetWare Core Protocol (NCP) are examples of Presentation layer protocols. The ISO also developed a Presentation layer protocol named Abstract Syntax Notation One (ASN.1), which describes data types independent of various computer structures and representation techniques. ASN.1 was at one time thought to be the Presentation layer protocol of choice, when the ISO's protocol stack was going to sweep the networking industry. Now we know that some components of ISO, such as Intermediate System to Intermediate System (IS-IS) as a routing protocol and the X.500 directory services protocol, have been widely deployed, while the majority of the protocol stack has been neglected.
The seventh, and final, layer of the OSI system model is the Application layer. The Application layer is responsible for providing network services to applications such as e-mail, word processing, and file transfer, which are not themselves defined in the OSI system model. The Application layer spares developers of software packages from writing their own networking routines; instead, developers call functions provided at the Application layer and rely upon Layer 7 to provide the networking services they require. Some common examples of Application layer protocols include Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), and Telnet.
Tracking Data through the OSI System Model
Understanding how data moves across an internetwork is a very important component of being a network engineer. You need a comprehensive grasp of the technologies and the standards they support, and you also need to know how those technologies and standards relate to the actual network. The OSI system model bridges that gap for you. Knowing the details of the network as well as the way end-user applications interact with the network is a powerful troubleshooting tool.

One of the easiest analogies used to understand the OSI system model is that of sending a letter through the mail. A number of items must be completed for your letter to be delivered to the appropriate recipient. We walk a letter through the postal system and illustrate the parallel connections to the OSI system model.
The first thing that you need to do to send a letter is to write it. You sit down at your desk and write a letter to your friend who lives on the other side of the country. After you finish writing the letter, you get an envelope and address it to your friend. You then walk to your mailbox and place the letter inside. These actions correlate to the OSI system model layers nicely. Writing the letter corresponds roughly to the Application layer. If you used a word processor to write the letter, then printed it out to place in the envelope, the act of printing the letter would be similar to what happens at the Application layer: the fact that you printed the letter means that you relinquished control of it to the network, the postal system in this case. Your actual words on the paper correspond to the Presentation layer, in that you needed to ensure that the recipient, your friend, can read the letter. You presented your thoughts in a format your friend can read and comprehend. Addressing the letter corresponds to the Session, Transport, and Network layers. In networking terms, the steps of sealing the letter in the envelope and addressing it relate to the actions of UDP in a TCP/IP network. The data, your letter, was encapsulated in the envelope and passed down through the OSI model to the Network layer, where it was addressed. Without the address, your letter cannot be delivered, and the same principle applies to networking: data cannot be delivered without an address. Placing the envelope in the mailbox is comparable to what happens at the Data-link and Physical layers of the OSI system model. The envelope was placed, or encapsulated, in the correct format for delivery on the network where it will be transmitted to the recipient. The mailbox maps to the Data-link layer, and the postal carrier that picks up the envelope would be the Physical layer, responsible for ensuring that the envelope is delivered.
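The postal analogy can be traced in code. This added example (not from the book) builds the letter's envelopes the way a TCP/IP host does: the letter is the application data, UDP adds the ports (the envelope), IPv4 adds the addresses and a header checksum, and an Ethernet II header is the mailbox the frame goes into. The receiving side walks back up, checking each layer's length and checksum before trusting the layer inside it, which is the discipline a parser needs before acting on anything that arrived off the wire. The MAC addresses are those of Figure 1.5; the IP addresses, ports, identification value, and letter text are constructed values.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of the 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(letter, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """Walk the letter down the stack: application data -> UDP -> IPv4 -> Ethernet II frame."""
    # Transport layer, the envelope: UDP adds source/destination ports and a length.
    # The UDP checksum is optional over IPv4 and is left as 0 here.
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(letter), 0) + letter
    # Network layer, the address on the envelope: a 20-byte IPv4 header with no options.
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,            # version 4, IHL 5 (20 bytes)
                         0,               # DSCP/ECN
                         20 + len(udp),   # total length
                         0x1234,          # identification (constructed value)
                         0x4000,          # flags: don't fragment, offset 0
                         64,              # TTL
                         IPPROTO_UDP,
                         0,               # checksum placeholder, filled in below
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]
    # Data-link layer, the mailbox: Ethernet II header with EtherType 0x0800 (IPv4).
    # A real NIC pads the payload to 46 bytes; decapsulate() relies on the IP length, so that is harmless.
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + header + udp


def decapsulate(frame):
    """Walk a frame back up the stack, validating each layer before trusting the next one."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["ethernet"] = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("bad IPv4 length fields")
    ip = ip[:total_len]   # the IP total length, not the frame length, says where the packet ends
    layers["ipv4"] = {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "ttl": ip[8],
        "protocol": ip[9],
        "checksum_ok": internet_checksum(ip[:ihl]) == 0,   # a valid header re-checksums to zero
    }
    if ip[9] != IPPROTO_UDP:
        raise ValueError("not a UDP packet")
    udp = ip[ihl:]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if udp_len < 8 or udp_len > len(udp):
        raise ValueError("bad UDP length")
    layers["udp"] = {"src_port": src_port, "dst_port": dst_port, "length": udp_len}
    layers["application"] = udp[8:udp_len]    # the letter itself
    return layers


if __name__ == "__main__":
    frame = encapsulate(b"Dear friend", "00:60:8c:ba:39:37", "00:60:8c:bd:4a:48",
                        "10.0.0.1", "10.0.0.2", 40000, 5000)
    print(frame.hex())
    for name, fields in decapsulate(frame).items():
        print(name, fields)
```

Note that every length check in decapsulate() compares a field the sender controls against what actually arrived; skipping those checks is how a short or oversized packet turns a protocol parser into a memory-safety problem, and the checksum test shows why a TTL change in transit without a checksum update is detectable.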